github.com/refraction-networking/utls (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/refraction-networking/utls, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-26994 — CVSS 6.5 (medium): uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In…
CVE-2026-27017 — CVSS 5.3 (medium): uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake…
CVE-2026-26995: Rejected reason: Further research determined the issue is an external dependency vulnerability.